Hi. I am running ROCK on a NUC. It has performed flawlessly until a week or two ago, I noticed that ROCK dissapeared from my network so I was unable to transfer music to the internal HD. Eventually I figured out what I think the issue is. I am running Windows 10 on the laptop that I am using to transfer my music to ROCK. I believe Microsoft at some point disabled SMB1 sharing claiming that it is a security issue. Once I re-enabled it, the ROCK reappeared. I am not tech savy enough to understand the security risks, but the fact that Microsoft views it as an issue is reason enough for me to be concerned.
When I tried to connect to the ROCK, I got this error:
âYou canât connect to the file share because itâs not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
Your system requires SMB2 or higher. For more info on resolving this issue, see: Bing
When I reenabled the SMB1 protocol, the ROCK reappeared and I was able to move music to it again. So, my question is- is it on the roadmap for ROCK to change to SMB2 which Microsoft says is secure? Or, is this blown out of proportion?
There is no plan to move to SMB2 for the time being. This security thing mostly applies in an enterprise situation. Most people do not even run home SMB with a password.
Thanks for your prompt response. I do not know enough about SMB to know what is or isnât best practice regarding security. I can tell you that at home I run my wifi encrypted, with SSID hidden and use MAC Filtering to keep intruders out. That is about all I know how to do as far as security. Hopefully it does not matter whether ROCK is sharing on SMB1 or SMB2 assuming the entire network is secure? Regardless, iIf you are comfortable that continuing to use SMB1 doesnât put us at risk, then I will take your word for it. Thanks again!
Iâm not sure what you mean by âthis security thing.â From what I read, Windows has had âSMBv2â since Vista (thatâs the client version, or âsituationâ), which is ancient history. Windows has had âSMBv3â since Windows8 (again, client), which is maybe 4 years old. These protocols cannot be turned off except by explicit action, so I assume that most Windows users do employ those protocols.
âMost people do not even run home SMB with a password.â
Itâs harder to evaluate this statement. I for one use authentication by id/password. If it is true that most people have no such authentication, thatâs really bad practice. To my mind, Roon shouldnât be encouraging that practice by offering no secure alternatives (that is, some kind of authentication).
Mind you, itâs too late now for Roon to make a secure alternative the default (too many installations, too much disruption), but Roon would be better in offering a secure alternative, a choice, an opt-in.
âŚAnd that is the problem. The way to look at it is that anyone clever enough to break into and access your home network will not be troubled by your âsecurityâ measures:
wifi encyption can be cracked easily or bypassed
MAC addresses can be spoofed
ISP routers are notoriously cheap nasty insecure (and often unsecured) things
And if they get in the first thing they will do is take over your router and turn all the security off. In a home environment I would be worried about them stealing all my online banking details and passwords, not accessing ROCK to copy some of my music. Enterprise security is a whole different ball game though involving âdefence in depthâ. Multiple layers of security so that even if you can get in undetected, you canât get at anything.
My WIN 10 has just had the Fall Creators Update and is still able to access ROCK shares. They could have turned this on as a security update though, but the fuss over SMB1 was some time ago and likely to have been done before this update.
Agreed, that is an issue, if your organisation locks down your work PC and you canât do filesharing with it to your Nucleus or ROCK/PC. Iâm in the fortunate position that while I have work accounts on my PC, the organisations that they belong to do not manage my PC - it remains mine.
Ha, was just about to reply to this thread when I saw that I already had, 5 years ago! So the question is how many ROCK/Nucleus users have had SMB1 vulnerabilities taken advantage of by hackers or a virus?
I think lighter, easier and turn key are already very diminished returns, especially if it works only on certain hardware. Installing core on Linux or Windows should not be harder than flashing ROCK.
But it is, and maintaining the OS long-term is yet another level. (I know you donât agree with that, but I am convinced that this is because you are too good with computers)
(It is, however, mildly amusing that some people think the Nucleus âsoundsâ better after deploying one of the most chattiest network protocols on the planet. There is something to that network noise after all )
I misinterpreted the size, but itâs still a business and while I appreciate that many business owners will run it in their office, itâs probably still not the main target market.
(In a simple home network, if there is ransomware on the network they have lost already. SMB1 on the ROCK wonât change that much).
But I agree that something better should be added in 2.0
Yeah, definitely, even if only because enabling it is getting more and more difficult or soon even impossible, as you say.
We know that Roon are working on RoonOS 2.0 and Iâll be very surprised if this isnât addressed. Maybe it should have happened earlier.
I have not had to enable SMB1 to connect to a ROCK share in Windows 10. But previously I have had to open up the passwordless guest account access to remote shares in SMB2/3 in Windows in order to connect to a ROCK share.
To avoid the problem of enabling guest account access for shares in Windows I have mounted my ROCK\DATA share on my NAS, then I connect to the NAS mounted share in Windows. This means I do not have to enable SMB1 in Windows or enable guest access.
My NAS does not use SMB1, and yet it can also connect to the ROCK\DATA share directly.
Yeah maybe, Ive tried to restrict it to SMB2/3 though as you can see from the screen grab above. Do you know what other protocols ROCK supports? It must support at least one of the protocols my NAS is able to use?